According to Kaspersky, a new malware framework called OkoBot is targeting crypto investors through social engineering and trojanized GitHub applications since January 2026. The malware can steal crypto wallet files, browser data, user credentials, and inject malicious extensions to intercept wallet windows and steal assets.
Separately, SlowMist disclosed another malicious campaign exploiting fake LinkedIn job opportunities to infiltrate Web3 developers. Attackers impersonate recruiters with fraudulent GitHub repositories, tricking developers into pulling code and installing dependencies, leading to theft of project keys, cloud credentials, or wallet extensions.